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I 1 , Abstract 

c/3 , The methods used to establish PSPACE-boxmds for modal logics can roughly be grouped 

into two classes: syntax driven methods establish that exhaustive proof search can be 
performed in polynomial space whereas semantic approaches directly construct shallow 
models. In this paper, we follow the latter approach and establish generic PSPACE- 
bounds for a large and heterogeneous class of modal logics in a coalgebraic framework. 
In particular, no complete axiomatisation of the logic under scrutiny is needed. This 
does not only complement our earlier, syntactic, approach conceptually, but also covers 
a wide variety of new examples which are difficult to harness by purely syntactic means. 
Apart from re-proving known complexity bounds for a large variety of structurally different 
logics, we apply our method to obtain previously unknown PSPACE-bounds for Elgesem's 
OO ! logic of agency and for graded modal logic over reflexive frames. 
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1 Introduction 
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Special purpose modal logics often combine expressivity and decidability, usually in a low 
complexity class. In the absence of fixed point operators, these logics are frequently decidable 
in PSPACE, i.e. not dramatically worse than prepositional logic. While lower PSPACE 
bounds for modal logics can typically be obtained directly from seminal results of Ladner [20] 
by embedding a PSPACE-hard logic such as K or KD, upper bounds are often non-trivial to 
establish. In particular PSPACE upper bounds for non-normal logics have recently received 
much attention: 

• A PSPACE upper bound for graded modal logic is obtained using a constraint set 
algorithm in [30]. This corrects a previously published incorrect algorithm and refutes a 
previous EXPTIME hardness conjecture. 

• More recently, a PSPACE upper bound for Presburger modal logic (which contains 
graded modal logic and majority logic [23]) has been established using a Ladner- type algo- 
rithm [6j . 

• Using a variant of a shallow neighbourhood frame construction from [3Tj, a PSPACE 
upper bound for coalition logic is established in |26j. 

• PSPACE upper bounds for CK and related conditional logics [3] are obtained in [22] by 
a detailed proof-theoretic analysis of a labelled sequent calculus. 



The methods used to obtain these results can be broadly grouped into two classes. Syntac- 
tic approaches presuppose a complete tableaux or Gentzen system and establish that proof 
search can be performed in polynomial space. Semantics-driven approaches, on the other 
hand, directly construct shallow tree models. Both approaches are intimately connected in 
the case of normal modal logics interpreted over Kripke frames: counter models can usually 
be derived directly from search trees [16]. It should be noted that this method is not immedi- 
ately applicable in the non-normal case, where the structure of models often goes far beyond 
mere graphs. 

Using coalgebraic techniques, we have previously shown [29] that the syntactic approach 
uniformly generalises to a large class of modal logics: starting from a one-step complete ax- 
iomatisation, we have applied resolution closure to obtain complete tableaux systems. Generic 
PSPACE-bounds follow if the ensuing rule set is PSPACE-tractable. Here, we present a differ- 
ent, semantic, set of methods to establish uniform PSPACE bounds by directly constructing 
shallow models for logics subject to the one-step polysize model property, or a variant of the 
latter. In particular, no axiomatisation of the logic itself is needed. 

Apart from the fact that both methods use substantially different techniques, they apply 
to different classes of examples. While it is e.g. relatively easy to obtain a resolution closed rule 
set for coalition logic [26], proving the one-step polysize model property for (the coalgebraic 
semantics of) coalition logic is a non-trivial task. On the other hand, small one-step models 
are comparatively easy to construct for complex modal logics such as probabilistic modal 
logic [8] or Presburger modal logic [6] that are not straightforwardly amenable to the syntactic 
approach via resolution closure, either because no axiomatisation has been given or because 
the complexity of the axiomatisation makes the resolution closure hard to harness. 

Moreover, the present semantic approach to PSPACE-bounds takes a significant step to 
overcome an important barrier in the coalgebraic treatment of modal logics. Existing decid- 
ability and completeness results |25[ [28"1 [29] are limited to rank-1 logics, given by axioms 
whose modal nesting depth is uniformly equal to one. While this already encompasses a large 
class of examples (including all logics mentioned so far), the semantic model construction in 
the present paper applies to non-iterative logics [21], i.e. logics axiomatised without nested 
modalities (rank-1 logics additionally exclude top-level propositional variables). Despite the 
seemingly minute difference between the two classes of logics, this generalisation is not only 
technically non-trivial but also substantially extends the scope of the coalgebraic method. 
Besides the modal logic T, the class of non-iterative logics includes e.g. all conditional logics 
covered in [22] (of which only 4 are rank-1), in particular CK + MP [3], as well as Elgesem's 
logic of agency [12] and the graded version Tn of T |11] . 

As in [29], we work in the framework of coalgebraic modal logic [25] to obtain results that 
are parametric in the underlying semantics of particular logics. While normal modal logics 
are usually interpreted over Kripke frames, non-normal logics see a large variety of different 
semantics, e.g. probabilistic systems [8], frames with ordered branching [6j, game frames [26], 
or conditional frames [3j. The coalgebraic treatment allows us to encapsulate the semantics 
in the choice of a signature functor, whose coalgebras then play the role of models, leading to 
results that are unformly applicable to a large class of different logics. 

Since the class of all coalgebras for a given signature functor can always be completely 
axiomatised in rank 1 [28], in analogy to the fact that the i^-axioms are complete for the 
class of all Kripke frames, the standard coalgebraic approach is not directly applicable to non- 
iterative logics. To overcome this limitation, we introduce the new concept of interpreting 
modal logics over coalgebras for copointed functors, i.e. functors T equipped with a natural 
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transformation of type T — > Id. 

In this setting, our main technical tool is to cut back model constructions from modal 
logics to the level of one-step logics which semantically do not involve state transitions, and 
then amalgamate the corresponding one-step models into shallow models for the full modal 
logic, which ideally can be traversed in polynomial space. For this approach to work, the 
logic at hand needs to support a small model property for its one-step fragment, the one-step 
poly size model property ( OSPMP). Our first main theorem shows that the OSPMP guarantees 
decidability in polynomial space. Crucially, the OSPMP is much easier to establish than a 
shallow model property for the logic itself. To reprove e.g. Ladner's PSPACE upper bound 
for K, one just observes that to construct a set that intersects n given sets, one needs at most 
n elements. For the conditional logics CK, CK+ID, and CK+MP, the OSPMP is similarly 
easy to check. For other logics, in particular various logics of quantitative uncertainty, the 
OSPMP can be obtained by sharpening known off-the-shelf results. As a new result, we 
establish the OSPMP for Elgesem's logic of agency to obtain a previously unknown PSPACE 
upper bound. 

As a by-product of our construction, we obtain NP-bounds for the bounded rank fragments 
of all logics with the OSPMP, generalizing the corresponding result for the logics K and T 
from [13] to a large variety of structurally different (non-iterative) logics. 

While the OSPMP is usually easy to establish, a weaker property, the one-step pointwise 
polysize model property (OSPPMP), can be used in cases where the OSPMP fails, provided 
that the signature functor supports a notion of pointwise smallness for overall exponential- 
sized one-step models. This allows traversing exponentially branching shallow models in 
polynomial space by dealing with the successor structures of single states in a pointwise 
fashion. Our second main result, which yields PSPACE upper bounds for logics with the 
OSPPMP, is applied to reprove the known PSPACE bound for Presburger modal logic [6] 
and to derive a new PSPACE bound for Presburger modal logic over reflexive frames, and 
hence for Tn [TT] (which was so far only known to be decidable [E]). The latter result extends 
straightforwardly to a description logic with role hierarchies, qualified number restrictions, 
and reflexive roles. 

2 Coalgebraic Modal Logic 

We recall the coalgebraic interpretation of modal logic and extend it to non-iterative logics 
using copointed functors. 

A modal signature A is a set of modal operators with associated finite arity. The signature 
A determines two languages: firstly, the one-step logic of A, whose formulas ip, . . . (the one- 
step formulas) over a set V of propositional variables are defined by the grammar 

ifi ::= _L I I L(fa,. . . ,<p n ), 

where L 6 A is n-ary and the fa are propositional formulas over V; and secondly, the modal 
logic of A, whose set J- (A) of A-formulas ip, ■ ■ ■ is defined by the grammar 

tp ::= _L I -<ip I £001, • ■ • , i>n)- 

Thus, the modal logic of A is distinguished from the one-step logic in that it admits nested 
modalities. The boolean operations V, — >, <->, T are defined as usual. The rank rank(0) 
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of <f) G J~(k) is the maximal nesting depth of modalities in eft (note however that the notion 
of rank-1 logic |28[ [29] is stricter than suggested by this definition, as it excludes top-level 
propositional variables in axioms; the latter are allowed only in non-iterative logics). We 
denote by ,F n (A) the set of formulas of rank at most n; we refer to the languages -F n (A) as 
bounded-rank fragments. 

We treat one-step logics as a technical tool in the study of modal logics. However, one- 
step logics also appear as logics of independent interest in the literature [U [TU [15]. One of 
the central ideas of coalgebraic modal logic is that properties of the full modal logic, such as 
soundness, completeness, and decidability, can be reduced to properties of the much simpler 
one-step logic. This is also the spirit of the present work, whose core is a construction of 
polynomially branching shallow models for the modal logic assuming a small model property 
for the one-step logic. 

The semantics of both the one-step logic and the modal logic of A are parametrized 
coalgebraically by the choice of a set functor. The standard setup of coalgebraic modal logic 
using all coalgebras for a plain set functor covers only rank-1 logics, i.e. logics axiomatised 
one-step formulas [28] (a typical example is the i^-axiom 0(a —* b) — > Oa — > Ob). Here, we 
improve on this by considering the class of coalgebras for a given copointed set functor, which 
enables us to cover the more general class of non-iterative logics, axiomatised by arbitrary 
formulas without nested modalities (such as the T-axiom Oa — ► a). We follow a purely 
semantic approach and hence do not formally consider axiomatisations in the present work 
(where we do mention axioms, this is for solely explanatory purposes). However, the extended 
scope of the new framework and its relation to non-iterative modal logics (which can be made 
precise in the same way as for plain functors and rank-1 logics [28]) will become clear in the 
examples. 

In general, a copointed functor (T, e) consists of a functor T : Set — > Set, where Set is 
the category of sets, and a natural transformation e : T —* Id. For our present purposes, a 
slightly restricted notion is more convenient: 

Definition 2.1. A (restricted) copointed functor S with signature functor So : Set — > Set is 
a subfunctor of So x Id (where (So x Id)X = SoX x X). We say that S is trivially copointed 
if S = So x Id. An S-coalgebra A = (X, £) consists of a set X of states and a transition 
function £ : X — > SoX such that (£(x),x) G SX for all x. 

Remark 2.2. The modal logic ^"(A) does not explicitly include propositional variables. These 
may be regarded as miliary modal operators in A; their semantics is then defined over coal- 
gebras for So x V(V), where V is the set of variables (cf. also e.g. [28]). We omit discussion 
of propositional variables in the examples, even in cases like the modal logic of probability 
that become trivial in the absence of variables; our treatment extends straightforwardly to 
the case with variables in the manner just indicated. 

We view coalgebras as generalized transition systems: the transition function maps a state 
to a structured set of successors and observations, with the structure prescribed by the sig- 
nature functor. Thus, the latter encapsulates the branching type of the underlying transition 
systems. Copointed functors additionally impose local frame conditions that relate a state to 
the collection of its successors. 

Assumption 2.3. We assume w.l.o.g. that So preserves injective maps [2], and even SoX C 
SqY in case X QY, and that S is non-trivial, i.e. SX = => X = 0. 
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Generalising earlier work (e.g. \17\ I19j). coalgebraic modal logic abstractly captures the inter- 
pretation of modal operators as polyadic predicate liftings [25| 127]. 

Definition 2.4. An n-ary predicate lifting (n G N) for So is a natural transformation 

\: Q n -> Qo Sq P , 

where Q denotes the contravariant powerset functor Set op — > Set (i.e. QX is the powerset 
V(X), and Qf(A) = f~ l [A]), and Q n is defined by Q n X = {QX) n . 

A coalgebraic semantics for A is formally defined as a A-structure A4 (over S) consisting of 
a copointed functor S with signature functor Sq and an assignment of an n-ary predicate 
lifting [L] for Sq to every n-ary modal operator L G A. When S is trivially copointed, we 
will also call A4 a simple A-structure (over So). We fix the notation A, KA, S, Sq throughout 
the paper. The semantics of the modal language J-~(A) is then given in terms of a satisfaction 
relation \=c between states x of 5-coalgebras C = (X, £) and ,F(A)-formulas over V. The 
relation \=c is defined inductively, with the usual clauses for boolean operators. The clause 
for an n-ary modal operator L is 

where {(ft} c = {x G X \ x \=c (ft}- We drop the subscripts C when clear from the context. 
Our main interest is in the (local) satisfiability problem over KA: 

Definition 2.5. An JF(A)-formula (ft is satisfiable if there exist an S-coalgebra C and a state 
x in C such that x \=c (ft- Dually, (ft is valid if x \=c (ft for all C, x. 

Contrastingly, the semantics of the one-step logic is given in terms of satisfaction relations 
\=x T between elements t G SoX and one-step formulas over V, where A is a set and r is 
a V(X) -valuation for V, i.e. a map r : V — > V(X). The valuation r canonically induces 
an interpretation of [</>]°t C X of propositional formulas (ft over V. We write X, r |=° (ft if 
[(/>]°r = X. The relation is then defined by the usual clauses for boolean operators, and 

ihx.r^lr-io) t G M(M r,...,W°r)- 

Note in particular that the semantics of the one-step logic does not involve a notion of state 
transition. 

Definition 2.6. A one-step model (X,r,t,x) over V consists of a set X, a "P(A)-valuation 
t for F, t G SoA, an d x G A such that (£, G SAT. The latter condition is vacuous if S is 
trivially copointed, in which case we omit the mention of x. For a one-step formula ift over 
V, (X,r,t,x) is a one-step model of ift if i V'- 

We recall some basic notation: 

Definition 2.7. We denote the set of propositional formulas over a set Z, generated by the 
basic connectives —> and A, by Prop(Z). We use variables e etc. to denote either nothing or 
-i. Thus, a literal over Z is a formula of the form ea, with a G Z. A (conjunctive) clause 
is a finite, possibly empty, disjunction (conjunction) of literals. We denote by A(Z) the set 
{L(ai, ... ,a n ) j L G A n-ary, ai, . . . ,a n E Z}. 
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In the above notation, the set of one-step formulas over V is Prop(A(Prop(V))). The one-step 
logic may alternatively be presented in terms of pairs of formulas separating out the lower 
propositional layer: 

Definition 2.8. A one-step pair ((ft,ip) over V consists of formulas ip £ Prop(A(V)) and 
(ft £ Prop(V). A one-step model (X,t, t, x) is a one-step model of ((ft,ift) if X, r (ft and 

In analogy to the equivalence between axioms and one-step rules described in [28J, one-step 
pairs and one-step formulas may replace each other for purposes of satisfiability: 

Lemma 2.9. For every one-step pair ((f), tft) over V with (ft satisfiable, there exists a Prop(V)- 
substitution a such that the one-step formula ifta is equivalent to ((ft, tft) in the sense that if 
t \=x T ipcr then t \= x aT ((ft,ift), and if t \= Xt (<^V0 then t \= 1 Xt iftu (and <jt = t). Here, ar 
denotes the V(X) -valuation taking a to \o~(a)~fT. 

Conversely, we have, for if) £ Prop(A(Prop(F))) ; an equivalent one-step pair (<ft,ift\) over 
V U W , where ip decomposes as ip = ifticr, with ipi £ Prop(A(W)), a a Prop(V)- substitution, 
and V n W = 0, and where (ft is the conjunction of the formulas a <-> cr(a), a £ W. Here, 
restricting valuations to V induces a bijection between one-step models of(4>,tpi) and one-step 
models oftp. 

Proof. The second claim is clear. The first claim is proved as follows. As in [28J, let k be 
a satisfying truth valuation for <p and put a(a) = a A <f> if k[cl) = _L, and a(a) = (ft — > a 
otherwise. Then (fta and the formulas (ft — > (a <-> cr(a)), for a £ V, are tautologies [28J. Both 
directions of the first claim now follow straightforwardly. □ 

The coalgebraic approach subsumes many interesting modal logics, including e.g. graded and 
probabilistic modal logics and coalition logic [29]. Below, we present the most basic examples, 
the modal logics K and T, as well as various conditional logics and logics of quantitative 
uncertainty. The treatment of Elgesem's modal logic of agency is deferred to Sect. |U 

Example 2.10. 1. Modal logic K: Let A = {□}, with □ a unary modal operator. We 
define a simple A-structure over the covariant powerset functor V (i.e. VX is powerset, and 
Vf(A) = f[A\) by putting \p] x (A) = {B £ VX \ B C A}. Naturality of [□] is just the 
equivalence f[B] C A B Q f~ l [A]. 

P-coalgebras are Kripke frames, and "P-models are Kripke models. The modal logic of A 
is precisely the modal logic K, equipped with its standard Kripke semantics. Contrastingly, 
a one-step formula over V is a propositional combination of atoms of the form U(ft, where 
(ft £ Prop(V). For A £ VX, we have A \= Xr U<f> iff A C [(ftfr. One easily checks that the 
one-step logic is NP-complete, while the modal logic K is PSPACE-complete [20J. 

2. Modal logic T: The logic T has the same syntax as K. Its coalgebraic semantics is a 
structure over the copointed functor R with signature functor V, given by 

RX = {(A, x) £ VX x X | x £ A}. 

Thus, i?-coalgebras are reflexive Kripke frames. The interpretation of □ is defined as for K. 
(Axiomatically, T is determined by the non-iterative axiom Da — > a.) 
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3. Conditional logic CK : The signature of conditional logic has a single binary modal op- 
erator =>, written in infix notation. Formulas <f> ip are read as non-monotonic conditionals. 
The semantics of the conditional logic CK [3] is given by a simple structure over the functor 
Cf given by Cf{X) = (QX — * VX), with — > denoting function space and Q contravariant 
powerset, cf. Definition 12.41 (7/-coalgebras are conditional frames [3]. The operator =4* is 
interpreted over Cf by 

{=>j x (A, B) = {f:QX^VX\ f(A) C B}. 

4. Conditional logic CK+ID: The conditional logic CK+ID [3] extends CK with the rank-1 
axiom a =>■ a, referred to as ZD. The semantics of CK + ID is modelled by restricting the 
structure for CK to the subfunctor Cfjjy of C/ defined by 

Cf ID (X) = {f G (7/(X) | VA G QX /(A) C A}. 

5. Conditional Logic CK+MP: The logic CK+MP [3] extends C-R' with the non-iterative 
axiom 

(MP) (a => b) -> (a -» 6). 

(This axiom is undesirable in default logics, but reasonable in relevance logics.) Semantically, 
this amounts to passing from the functor Cf to the copointed functor Cfup with signature 
functor Cf, defined by 

Cf M p(X) = {(/, x) g Cf{X) xX\VAcX.xeA^xe f(A)}. 

6. Modal logics of quantitative uncertainty: The modal signature of likelihood has n-ary 
modal operators Yli=i a 'iK-) > b for ai,...,ai,6 G Q. The terms l{<f>) are called likelihoods. 
The interpretation of likelihoods varies. E.g. the semantics of the modal logic of probabil- 
ity [8] is modelled coalgebraically by a structure over the (finite) distribution functor , 
where D U X is the set of finitely supported probability distributions on X, and D^f acts as 
image measure formation. Coalgebras for are probabilistic transition systems (i.e. Markov 
chains). Likelihoods are interpreted as probabilities; i.e. 

E?=i * • K-) > bj x (A u . . . , An) = {P G D^X | Zti <HP(Ai) > b}. 

Alternatively, likelihoods may be interpreted as upper probabilities [U], i.e. the functor 
is replaced by V o D^, and in the above definition, P{Ai) is replaced by ?$*{Ai), where for 

G VD^jX, *P*(A) = sup {PA | P G ^P}. This setting describes situations where agents 
are unsure about the actual probability distribution. Further alternative notions of likelihood 
include Dempster-Shafer belief functions and Dubois-Prade possibility measures [15]. An 
extension of the modal signature of likelihood is the modal signature of expectation |15| . 
where instead of likelihoods one more generally considers expectations e(^J^ 1 bijfyj). Here, 
linear combinations of formulas represent gambles, i.e. real-valued outcome functions, where 
the payoff of <j) is the characteristic function of 4>. The exact definition of expectation depends 
on the underlying notion of likelihood. 

One-step logics of quantitative uncertainty are often considered to be of independent in- 
terest. E.g. the one-step logic of probability, i.e. a logic without nesting of likelihoods that 
talks only about a single probability distribution, is introduced independently [9] and only 
later extended to a full modal logic [8j. In fact, logics of expectation [15] and the logic of 
upper probability [H] so far appear in the literature only as one-step logics; the corresponding 
modal logics are of interest as natural variations of the modal logic of probability. 
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Convention 2.11. We assume that A is equipped with a size measure, thus inducing a size 
measure for ^(A). For one-step formulas <p over V, we assume w.l.o.g. that \V\ < size(c/>). For 
finite X, we assume given a representation of elements (t, x) G SX as strings of size size(i, x) 
over some finite alphabet. We do not require that all elements of SX are representable, nor 
that all strings denote elements of SX. When S is trivially copointed, we represent only 
t G Sq(X). We require that inclusions SX C SY induced according to Assumption 12.31 by 
inclusions X C Y into a finite base set Y preserve representable elements and increase their 
size by at most log \Y\. 

We make these issues explicit for the above examples: 

Example 2.12. 1. Modal logics K and T: For X finite, elements of VX are represented 
as lists of elements of X. 

2. Conditional logics CK and CK+ID: For X finite, elements of QX — > VX are represented 
as partial maps fo : QX — VX; such an fo represents the total map / that extends fo by 
f(A) = when /o(^4) is undefined. (The use of partial maps avoids exponential blowup.) 

3. Conditional logic CK + MP: For X finite, a pair (fo,x) consisting of a partial map 
fo : QX — VX and a; € X represents the pair (/, x), where / : QX — > VX extends fo by 
/(^4) = A n {x} in case /o(^4) is undefined. 

4. Modal logics of quantitative uncertainty: Suitable compact representations are described 
in M, M- 

3 Polynomially branching shallow models 

We now turn to the announced construction of polynomially branching shallow models for 
modal logics whose one-step logic has a small model property; this construction leads to a 
PSPACE decision procedure. 

Definition 3.1. We say that A4 has the one-step polysize model property (OSPMP) if there 
exist polynomials p and q such that, whenever a one-step pair (cp, ip) over V has a one-step 
model (X, r, t, x), then it has a one-step model (Y, k, s,y) such that \Y\ < p(\ip\), (s,y) is 
representable with size(s,y) < | -0 1 ) ? and y G n(a) iff x € r(o) for all a € V. 

In analogy to the transition between rules and axioms described in [28] . one-step pairs are 
interchangeable with one-step formulas. In particular, we have 

Proposition 3.2. The A-structure Ai has the OSPMP iff there exist polynomials p, q such 
that, whenever a one-step formula ip over V has a one-step model (X, r, t,x), then it has a 
one-step model (Y,K,s,y) such that y £ k(o) iff x £ r(a) for all a € V, \Y\ < p(\ifji\), and 
(s,y) is representable with size(s,y) < gd^il)? where ip = ip\a with tpi G Prop(A(VF)) and a 
a Prop(y) -substitution. 

Proof. Only if: Let (X, r, t, x) be a one-step model of a one-step formula ip over V. By 
Lemma [2 .91 ip is equivalent to a one-step pair of the form (0, ip\), with ip\ as in the statement. 
By the OSPMP, (<p,ipi) has a one-step model (Y,K,s,y) such that \Y\ < p(\ipi\), size(s,y) < 
gd^il), and y G k(o) iff x G r(o) for all a G V; by Lemma 12.91 this model gives rise to a 
one-step model of ip with the components Y, s, y unchanged. 
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//: Let (X, t, t, x) be a one-step model of a one-step pair (tf>,ip) over V. By Lemma l2~9l 
(4>,ip) is equivalent to a one-step formula of the form ipa, where a is a Prop(V)-substitution. 
By assumption, ipa has a one-step model (Y, k, s, y) such that \Y\ < p(\ip\), size(s, y) < q(\ip\), 
and y G n{a) iff x G r(a) for all a G V. By Lemma [2l?| this model gives rise to a one-step 
model of ((p,ip) with the components Y", s, y unchanged. □ 

Both formulations of the OSPMP easily reduce to the case that ip is a conjunctive clause. 

Remark 3.3. It is shown in [28J that the one-step logic always has an exponential-size model 
property: a one-step formula ip over V has a one-step model iff it has a one-step model with 
carrier set V(V). 

We are now ready to prove the shallow model theorem. 

Definition 3.4. A supporting Kripke frame of an S-coalgebra (X, £) is a Kripke frame (X, R) 
such that for each x G X, 

G S {?/ | C S X 

(equivalently (£(x), x) G S{y \ xRy}). A state x G X is a /oop if 

Theorem 3.5 (Shallow model property). // M. has the OSPMP, then J 7 (A) has the poly- 
nomially branching shallow model property: There exist polynomials p, q such that every 
satisfiable J-{A)-formula ip is satisfiable at the root of an S-coalgebra (X,£) which has a sup- 
porting Kripke frame (X, R) such that removing all loops from (X, R) yields a tree of depth at 
most rank^) and branching degree at most p{\ip\), and (£(x),x) G S{y \ xRy} is representable 
with size (£(x), x) < q(\ip\)- 

Definition 3.6. For i£l and a V{X) -valuation r, we put Th r (x) = Axer(o) a ^/\xfr(a) 

Proof of Theorem \3.h\ Induction over the rank of ip. If rank(^) = 0, then ip evaluates to T 
and hence is satisfied in a singleton S'-coalgebra [X, £), which exists by Assumption 12.31 

Now let rank(V') = n + 1. Let zq be a state in an S-coalgebra [Z, Q such that zq \=(z,Q ' i P- 
Let MSub{ip) denote the set of subformulas of ip occuring in ip within the scope of a modal 
operator, let V be the set of variables a p , indexed over p G MSub(ip), and let a denote the 
substitution taking a p to p for all p. Let ip be the conjunction of all literals eL(a pi , . . . ,a Pn ) 
such that L(pi,...,p n ) is a subformula of ip and zq \=(z,C) e -^(/°i> • • • > Pn)- (Recall that e 
denotes either nothing or negation.) Moreover, let <p denote the propositional theory of a, i.e. 
the conjunction of all clauses x over V such that x°~ is >C-valid. 

Then (Z, k, C(^o)) z o) 1S a one-step model of (<p,ip), where n(a) = [c(a)](^n- By the 
OSPMP, it follows that ((j>,ip) has a one-step model (Y, t, t,Xo) of polynomial size in \ip\ such 
that for all p G MSub(ipi), xq G r(a p ) iff zq G n(p), which in turn is equivalent to zq H(z,C) P- 

From this model, we now construct a shallow model (X, £) for ip. To begin, note that 
Th T (y)<7 is /^-satisfiable for every y G Y. For suppose not; then -Th T (y)o~ is C- valid, hence 
-Tlv(y) is a conjunct of (p. Thus, Y,r -iTh T (y), in contradiction to the fact that y G 
[Th r (y)]r by construction. By induction, we thus have, for every y G Y, a shallow model 
(X y , £ y ) of Th T (y)cr, where we may assume y G X y and y \=(x y £ y ) Th r (y)cr, with depth at most 
rank(Th T (y)cr) = n. We take (X,£) as the disjoint union of the (X y ,£ y ) over y G Y — {xq}, 
extended by the state xq, for which we put £(xq) = t G SqY C SqX. 
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We have to verify that xq H(X£) i>- We will prove the stronger statement xq |=(x,f) i J<J ^ 

i.e. 

t \=X,6 (1) 

where 9(a p ) = {p}^ x £) f° r P G MSub(ip). 

By induction over % and naturality of predicate liftings, y \=(x,£) X iff V \=(x v ,£ ) X f° r 
y G y — {^o} and for every formula \- I n particular, y \=(x,£) Th T (y)<7 for all y G K — {xo}> 
i.e. 

y p y g t (°p) ( 2 ) 

for all p G MSub(tp). We prove by induction over p G MSub(ip) that 

|=(x,e) P G r(a p ), (3) 

which in connection with ([2]) yields 

W M ny = T(a p ). (4) 

The steps for boolean operations are straightforward. For L(pi, . . . ,p n ) G MSub(ip), we have 
^0 H(X,£) £(Pl ; ■ ■ ■ >Pn) 

* G Wr([pi](x,0 n y)i=i,..., n = [L] y (r(a pi ), . . . ,r(a p J) 
<J= ^ > * ^(y.T) L{a pi , . . . ,a Pn ), 



using naturality of [L] in the first step and the inductive hypothesis in the shape of @ 
in the subsequent equality. Since t \=(y,t) V'j * ne l as t statement is equivalent to z \=(z,Q 
L(pi, . . . ,p n ). By the definition of K, this is equivalent to zq G n(a L ( pi ^ Pn )), which in turn 
is equivalent to xq G T{a L i pi ^ Pn yj by construction of (Y, r, t,xo). 

By (jH) and naturality of predicate liftings, our remaining goal (H|) reduces to t |=y T 
which holds by construction. 

Finally, we have to establish that the overall branching degree of the model is polyno- 
mial in The model is recursively constructed from polynomial-size one-step models for 
pairs whose second components are conjunctive clauses over atoms L(a pi , . . . , a Pn ), where 
L(pi, . . . , pn) is a subformula of ip. Such conjunctive clauses are of at most quadratic size in 
\ip\ (even 0(|^| log \ip\) if subformulas of ip are represented by pointers into ip); this proves 
the claim. □ 



Remark 3.7. While it is to be expected that the construction of polynomially branching 
models depends on a condition like the OSPMP, it does not seem to be the case that the 
precise formulation of this condition is implicit in the literature (not even for the trivially 
copointed case). Note in particular that the polynomial bound depends only on the second 
component of a one-step pair. This is crucial, as the first component of the one-step pair 
constructed in the above proof may be of exponential size. When we say in the introduction 
that the OSPMP can be obtained from off-the-shelf results (e.g. (9j [T4"| I15j). we refer to 
polynomial-size model theorems in which the polynomial bound depends, in the notation 
of Proposition 13.21 on \ip\, which may be exponentially larger than \ipi\; typically, only an 
inspection of the given proofs shows that the bound can be sharpened to be polynomial in \ipi\. 

The proof of Theorem 13.51 leads to the following nondeterministic decision procedure. 
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Algorithm 3.8. (Decide satisfiability of an ,F(A)-formula ifi) Let M have the OSPMP, and 
let p, q be polynomial bounds as in Definition 13.11 

1. If rank(^) = 0, terminate successfully if ip evaluates to T, else unsuccessfully. Otherwise: 

2. Take V and a as in the proof of Theorem l3.5l and guess a conjunctive clause tp over A(V) 
containing for each subformula L(pi, . . . , p n ) of ip either L(a pi , . . . , a Pn ) or -iL(a pi , . . . , a Pn ) 
such that ipo~ propositionally entails ip. 

3. Guess a "P(Y)-valuation r for V and (t,x) G SY with size(i, x) < q(\ip\), where Y = 
{1, . . . ,p(\ip\)}, such that t \=y^ T vp. 

4. For each y G Y, check recursively that Th T (y)<r is satisfiable. 

Since the rank decreases with each recursive call, the above algorithm can be implemented in 
polynomial space, provided that Step [3] can be performed in polynomial space. 

Definition 3.9. The one-step model checking problem is to check, given a string s, a finite 
set X, Ai, . . . , A n C X, and L G A n-ary, whether s represents some (t, x) G SX and whether 

t g m x (A U ...,A n ). 

This property and the above algorithm lead to a PSPACE bound for the modal logic. More- 
over, for bounded-rank fragments, the polynomially branching shallow model property be- 
comes a polynomial size model property, thus leading to an NP upper bound: 

Corollary 3.10. Let M have the OSPMP. 

1. If one-step model checking is in PSPACE, then the satisfiability problem of J 7 (A) is in 
PSPACE. 

2. If one-step model checking is in P, then the satisfiability problem of J- n (A) is in NP for 
every n G N. 

Proof. 1: By Algorithm [3]H1 

2: Let p and q be polynomial bounds on the branching degree of supporting Kripke frames 
and on the size of successor structures £(a?) as guaranteed by Theorem 13.51 Let n G N. Then 
by Theorem 13.51 every satisfiable formula ip G J- n {X) is satisfiable in a model (X, £) such 
that \X\ < Yli=o Pil^lY =: N and size(£(x)) < log(N)q(\ip\) for all where the second 

inequality relies also on Convention 12.111 Thus, the entire representation size of the model 
is bounded by M := N\og(N)q(\ip\), which is polynomial in \ip\. Thus, the following 
non-deterministic algorithm decides satisfiability of ip in polynomial time: 

1. Guess a model (X,£) of size at most M 

2. Check that (X,£) is an S-coalgebra. 

3. Check that + - 

The second step can be performed in polynomial time because one-step model checking is in 
P. The third step can be performed in polynomial time by recursively computing extensions 
M (x 0' a S a i n because one-step model checking is in P. □ 

This generalises results for the modal logics K and T established in [13]. 
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Example 3.11. 1. Modal logics K and T: One-step model checking for K and T amounts 
to checking a subset inclusion and, in the case of T, additionally an elementhood; this is 
clearly in P. To verify the OSPMP for K, let (X, r, A) be a one-step model of a one-step 
pair ((f), tp) over V; w.l.o.g. tp is a conjunctive clause over atoms Da, where a G V. For -Oa 
in ip, there exists x a & A such that x a ^ t(o). Taking Y to be the set of these x a , we 
obtain a polynomial-size one-step model (Y, ry, Y) of (<p,ip), where ry(a) = t(o) n Y for all 
a. The construction for T is the same, except that the point x of the original one-step model 
(X, t, A, x) is retained in the carrier set Y, and becomes the point of the small model. By 
Corollary 13.101 this reproves Ladner's PSPACE upper bounds for K and T [20], as well as 
Halpern's NP upper bounds for bounded-rank fragments [13j . 

2. Conditional logic: It is easy to see that one-step model checking for CK, CK+ID, and 
CK + MP is in P. (In particular, deciding whether a given string represents an element of 
Cfw(X) just amounts to checking subset inclusions. Moreover, deciding whether (/, x) £ 
CfMp(X), i.e. whether x E A implies x £ f(A), can be done in polynomial time thanks to 
the choice of default value for /; cf. Example 12. 12121 ) 

To prove that CK has the OSPMP, let (X, r, /) be a one-step model of a one-step pair 
(<p,ip), where w.l.o.g. ip is a conjunctive clause Ar=i e «( a « ^ ^ T ( a «) 7^ r ( a j)> fi x an 
element in the symmetric difference of r(aj) and r(aj). Moreover, if is negation, fix 
z« € /(r(aj)) \ r(6j). Let Y be the set of all and all z,- L . Let ry be the "P(Y)-valuation 
defined by ry(v) = r(v) n Y, and let /y £ Cf(Y) be represented by the partial map taking 
ry(oj) to /(t(cIj)) n Y for all i (this is well-defined by construction of Y). Then (Y,7y,/y) 
is a one-step model of (<p, tp). The cardinality of Y is quadradic in ip, and the representation 
size of fy is polynomial. 

Thanks to the choice of default value, this construction of polynomial-size one-step models 
works also for CK+ID. The construction for CK+MP is almost identical, except that the point 
x of (X, t, f, x) is retained in the small one-step model (Y, ry , fy, x); here, (fy,x) G CJmp(Y) 
due to the different choice of default value. 

We thus obtain that CK , CK+ID, and CK+MP are in PSPACE (hence PSPACE-complete, 
as these logics contain K and — in the case of CK+MP — T, respectively, as sublogics). This 
has previously been proved using a detailed analysis of a labelled sequent calculus |22j (the 
method of [22] yields an explicit polynomial bound on space usage which is not matched by 
the generic algorithm). The NP upper bound for bounded-rank fragments of CK, CK + ID, 
and CK+MP arising from Corollary 13.10121 is. to our knowledge, new. 

3. Modal logics of quantitative uncertainty: Polynomial size model properties for one-step 
logics have been proved for the logic of probability [9] , the logic of upper probability [H] , and 
various logics of expectation [15]. As indicated in Remark 13.71 the polynomial bounds are 
stated in the cited work as depending on the size of the entire one-step formula tp; however, 
inspection of the given proofs shows that the polynomial bound in fact depends only on the 
number of likelihoods or expectations in ip, respectively, and on the representation size of the 
largest coefficient. By Proposition 13.21 it follows that the respective logics have the OSPMP. 
Suitable complexity estimates for one-step model checking are also found in the cited work. 

By the above results, it follows that the respective modal logics of quantitative uncertainty 
are in PSPACE (hence PSPACE-complete, as one can embed KD by mapping to /(_) > 0), 
and in NP when the modal nesting depth is bounded. For the modal logic of probability, a 
proof of the PSPACE upper bound is sketched in [8]. The PSPACE upper bounds for the 
remaining cases (e.g. the modal logic of upper probability and the various modal logics of 
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expectation) seem to be new, if only for the reason that only the one-step versions of these 
logics appear in the literature. Similarly, all NP upper bounds for bounded-rank fragments 
are, to our knowledge, new. Moreover, the upper bounds extend easily to modal logics of 
uncertainty with non-iterative axioms, e.g. an axiom a — > 1(a) > p which states that the 
present state remains stationary with likelihood at least p. 

4 Extended Example: Elgesem's modal logic of agency 

There have been numerous approaches to capturing the notion of agents bringing about 
certain states of affairs, one of the most recent ones being Elgesem's modal logic of agency 
([7J and references therein, [12]). Modal logics of agency play a role e.g. in planning and task 
assignment in multi-agent systems (cf. e.g. [H [18]). 

Elgesem defines a logic with two modalities E and C (in general indexed over agents; all 
results below easily generalise to the multi-agent case), read 'the agent brings about' and 'the 
agent is capable of realising', respectively. The semantics is given by a class of conditional 
frames (X,f : X — > QX — > VX) (Example 12. 1013] ) . called selection function models in this 
context. The clauses for the modal operators are 



It is shown in [7J [12] that the logic of agency is completely axiomatised by -■CT, -iC_L, 
Ea A Eb — ► E(a A b), Ea — > a, and Ea — > Ca. Notably, the agent is incapable of realising 
what is logically necessary (—iCT), i.e. the notion of realising a state of affairs entails actual 
attributability (this axiom is weaker than previous formulations using avoidability; cf. the 
baby food example in [7]). Monotonicity is not imposed. The axiom -iC_L is due to [12J. 

Most of the information in selection function models (motivated by philosophical consid- 
erations in [7J) is irrelevant for the semantics of E and C: one only needs to know whether 
f(x)(A) is non-empty, and whether it contains x. Moreover, the selection function seman- 
tics fails to be coalgebraic, as the naturality condition fails for the (generalised) predicate 
lifting implicit in the clause for E. Both problems are easily remedied by moving to the 
following coalgebraic semantics: put 3 = {_L,*,T} (to represent the cases f(x)(A) = 0, 
x £ f(x)(A) y£ 5 and x £ f(x)(A), respectively), and take as signature functor the 3-valued 
neighborhood functor N$ given by N%(X) = Q(X) — > 3 (with Q(X) denoting contravari- 
ant powerset). We define the copointed functor A as the subfunctor of JV 3 x Id such that 



x\=E(j> iff xef(w)([<t>J) and 
x^C<P iff /M(M)#0. 



The relevant class of selection function models (X, f) is defined by the conditions 



(El) 
(E2) 
(E3) 



f(x)(X) = 

f(x)(A)nf(x)(B)Qf(x)(AnB) 
f(x)(A) C A. 



(/, x) 6 A{X) iff for all A, B C X 



(El') 
(E2') 
(E3a') 
(E3b') 



f(X) = 1 

f(A)^f{B)<f{Ar\B) 
/(0) = J- 
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where A and < refer to the ordering _L < * < T. We define a structure over A for the modal 
logic of agency by 

IE\ X A = {/ : Q - 3 | f(A) = T} 
\C\ X A = {/ : Q - 3 | f(A) + _L}. 

Proposition 4.1. A formula of the modal logic of agency is satisfiable in a selection function 
model iff it is satisfiable over A. 



Proof. 'Only if:' Given a selection function model (X,f), define an iV"3-coalgebra (X,f) by 

m(A) 



'T iixef(x){A) 
* ii x ? f(x)(A) ^ 
± iif(x)(A) = t 



It is clear that (X, f) is an A-coalgebra and that i£l satisfies the same formulas in (X, /) 
as in (X,f). 

'If: Let (X,f) be an A-coalgebra. We can assume that |[</>]pf ^| ^ 1 for all formulas 4> 
(otherwise, form the coproduct of (X, f ) with itself, so that each state has a twin satisfying 
the same formulas). We define a selection function model (X,f) by 



m(A) 



A iff(x)(A) = T 

A-{x} if/(x)(A) = * 
if/(a;)(A) = _L 



It is clear that (X, /) satisfies E1-E3. One shows by induction over the formula structure that 
x £ X satsifies the same formulas in (X, /) as in (X, f), with the only non-trivial point being 
that in the step for the modal operator C, one has to note that, by the above assumption, 
Ul(xj) ~ W * ^ whenever f{x){\<\>\ XJ) ) = *. □ 

To avoid exponential explosion, we represent elements of N^(X), for X finite, using partial 
maps /o : Q[X) — 3. To enforce (E2') ; we let such an /o represent the map / : Q(X) — ► 3 
that maps B C X to the maximum of AILi /o(A), taken over all sets A%, . . . , A n C X such 
that f)Ai = B and /o(A) is defined for all i; when no such sets exist, the maximum is 
understood to be _L. 

Lemma 4.2. Let /q and f be as above. 

1. Whenever fo(A) is defined, then fo(A) < f(A). 

2. Let be 3. Then f(A) > b iff f){B CX\ACB, f (B) > b defined} = A. 

3. The pair (f,x) satisfies (El 1 ) iff fo(X) is either undefined or equals _L. 
4- The pair (f,x) satisfies (E2 1 ). 

5. The pair (f,x) satisfies (E3a! ) ifff\{A C X \ f (A) > 1 defined} ^ 0. 

6. The pair (f,x) satisfies (E3b' ) iff whenever fo(A) = T is defined, then x £ A. 

Proof. Ui: Trivial. 

[H: 'If is trivial. 'Only if: by assumption, A = HILi &i ^ or some Bi such that fo{Bi) > b is 
defined for all i; the claim follows immediately. 
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0.' 'Only if is immediate by[TJ, and 'if holds because X = (~]Ai implies Ai = X for all i. 

By construction. 
O : Immediate by [2j 

0: 'Only if holds by 1., and 'if holds because f(B) = T implies that B = f]Ai for sets Ai 
such that fo(Ai) = T for all i. □ 

By Lemma [4.2l it is immediate that one-step model checking is in P. To prove the OSPMP, let 
(X, t, f : Q(X) — > 3, x) be a one-step model of a one-step pair (cj), ip) over V. By Remark 13.31 
we can assume that X is finite. Let the set Y C X consist of 

• the element x; 

• an element y a b G r(a) \ r(6) for each pair (a, 6) G V 2 such that -r(a) <2 t(6); 

• an element z a G f| {r(6) | 6 G V, r(a) C r(6), f{r(b)) > f(r(a))} \ r(a) for each a G V (z a 
exists by (E2')); and 

• an element w G 0{ T (b) I f( T (b)) > -L} (wo exists by (E2') and (E3a')). 

Put Ty(a) = r(o)ny for a G V, and let /y be represented by the partial map /o taking Ty (a) 
to /(r(a)) (/o is well-defined by construction of Y), Then 1" and (/y,x) are of polynomial 
size in tp, and (y, ry) |= </>. By Lemma |4.2| (/y,x) is in ^4(X), with the criterion for (E3a') 
satisfied due to u>o G Y. By Lemma T4.2I2[ the z a G Y ensure that fy{TY{o)) = /(r(a)) for all 
a G V, so that / y Hfy -ry) ' l P- 

By Corollary I3.10I we obtain that the modal logic of agency is in PSPA CE, and that 
bounding the modal nesting depth brings the complexity down to NP. Both results (and even 
decidability) seem to be new. In the light of the previous observation that the agglomeration 
axiom Ea A Eb — > E(a A b) tends to cause PSPACE-hardness |31j, we conjecture that the 
PSPACE upper bound is tight. 

5 Exponential Branching 

In cases where the OSPMP fails, it may still be possible to obtain a PSPACE upper bound 
by traversing an exponentially branching shallow model (by Remark I3.3I branching is never 
worse than exponential). The crucial prerequisite is that exponential-size one-step models 
can be traversed pointwise, accumulating during the traversal a polynomial amount of infor- 
mation that suffices for one-step model checking. This requires additional assumptions on the 
signature functor So: 

Definition 5.1. We say that So is pointwise bounded w.r.t. a set C if for all sets X, there 
exists an injection SoX <^-> (X — > C) (i.e. |So^| < \X — > C|). We then identify SoX with a 
subset of X — > C. 

(Note that the above does not require that XX. X — > C is functorial.) Recall from |27j that 
the signature functor So admits a separating set of unary predicate liftings (separation is 
a necessary condition for the generalised Hennessy-Milner property) iff the family of maps 
Sof : SoX — * So2, indexed over all maps / : X — > 2 = {±,T}, is jointly injective for each 
set X. Typically, functors So satisfying this condition satisfy the stronger requirement that 
already the family of maps (Sot{ x } '■ SoX — * So2) x ex is jointly injective, where 1a denotes 
the characteristic function of A C X, so that So is pointwise bounded w.r.t. So2; often, even 
a quotient of 5o2 will suffice. Of the signature functors mentioned in Example 12.101 V and 
D w are pointwise bounded (w.r.t. 2 and [0, 1], respectively), while Cf and VoD^ fail to be so. 
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Further examples of pointwise bounded functors include the game frame functor appearing 
in the semantics of coalition logic [29] and the multiset functor introduced below. 

Assume from now on that So is pointwise bounded w.r.t. C, with a given representation 
of elements of C (Convention 12.111 is no longer needed). For t : X — > C, we define 

maxsize(i) = maxsizefifx)), 

x<=X 

and put maxsize(i, x) = maxsize(i) for 

Definition 5.2. We say that M. has the one-step pointwise polysize model property 
(OSPPMP) if there exists a polynomial p such that, whenever a one-step pair (4>,tp) over V 
has a one-step model (A, r, t, x), then it has a one-step model (Y, k, s, y) such that |Y| < 2^1, 
maxsize(s) < and y G k(o) iff x G r(a) for all a &V; such a model is called pointwise 

polysize. 

By Remark 13.31 t ne actual content of the OSPPMP is the polynomial bound on maxsize(s). 
The OSPPMP holds for all pointwise bounded functors mentioned so far, trivially so in cases 
where C is finite. We have a variant of Theorem [321 proved entirely analogously, which states 
that under the OSPPMP, every satisfiable formula ip is satisfied in a shallow model (X, £) 
with branching degree at most 2^ and maxsize(£(a;)) polynomially bounded in For the 
ensuing algorithmic treatment, we need a refined notion of one-step model checking: 

Definition 5.3. The pointwise one-step model checking problem is to check, given a map 
t : X — > C, x G X, a "P(A)-valuation r for V, Y C X, and a conjunctive clause tp over A(V), 
whether (t, x) G SY C (A -> C) x A and t ^^ Ty V, where ry(a) = r(a) n F for a G V. We 
say that this problem is PSPACE-tractable if it is decidable on a non-deterministic Turing 
machine with input tape that uses space polynomial in maxsize(t) and accesses each input 
symbol at most once. 

Theorem 5.4. If M has the OSPPMP and pointwise one-step model checking is PSPACE- 
tractable, then the satisfiability problem of J 7 (A) is in P SPACE. 

Proof. Let M be a decision procedure for pointwise one-step model checking as required in the 
definition of PSPACE-tractability (Defn. loTB"!) . Let p be a polynomial witnessing the OSPPMP 
as in Definition 15.21 Then the following non-deterministic algorithm decides satisfiability of 
^-"(A)-formulas: 

Algorithm 5.5. 1. If rank(-0) = 0, terminate successfully if ip evaluates to T, else unsuc- 
cessfully. Otherwise: 

2. Take V and a as in the proof of Theorem[3J)J and guess a conjunctive clause tp over A(V) 
containing for each subformula L(pi, . . . ,p n ) of ip either L(a Pl , . . . ,a Pn ) or -*L(a pi , . . . ,a Pn ) 
such that ipa propositionally entails ip. 

3. Call M with arguments A, t, Y, t as in Definition l5.3l to check that t G TY and t \=^Yt y ) ^' 
with ry as in Definition E3 Here, A = 2 y , r(a) = {B G A | a G B}, 

Y = {B G A | f\ pA f\ ^p satisfiable} 

a p £B a p ^B 

is calculated recursively, and t G (A — > C) with maxsize(t) < p(|</>|) is guessed. 
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It remains to see that the above algorithm can be implemented in polynomial space although 
the input to M in Step [3] is of overall exponential size. This is achieved by replacing read 
operations on the input tape in M by calls to a procedure passed by the caller, which produces 
the k-th input symbol on demand, and then calling the modified pointwise model checker M' 
with such a procedure instead of the full argument. By the assumption that M accesses each 
symbol on the input tape at most once, there is no need to keep the symbols representing the 
guessed value t in memory after they have been passed to M' . Therefore, only polynomial 
space overhead is generated by the input to M' (the input procedure depends on <f> and hence 
has representation size 0(|^>|)); the space usage of M' itself is polynomial in maxsize(t) and 
therefore in \<j>\. □ 



Example 5.6. Theorem 15.41 applies e.g. to the modal logics K and T, as well as to prob- 
abilistic modal logic; however, as all these logics in fact enjoy the OSPMP, the method of 
Sect. [3] is preferable in these cases. A more interesting application is given by graded modal 
logic [llj, or more generally Presburger modal logic [6]. 

In its single-agent version, Presburger modal logic has n-ary modal operators 
Sr=i a «#(-) ~ &j where b and the a% are integers and ~G {<,>,=} U {=k\ k £ N}. A 
coalgebraic semantics for this logic, equivalent for purposes of satisfiability to the ordered 
tree semantics given in [6], is defined over the finite multiset functor B, which maps a set X 
to the set of maps B : X — > N with finite support, the intuition being that B is a multiset 
containing x € X with multiplicity B[x). For A C X, put B(A) = YlxeA B(x). £>-coalgebras 
are graphs with N-weighted edges. The above modalities are interpreted by 

E?=i ~ ■ ■ ■ , A n ) = {BG B(X) | J2i=i a iB{Ai) ~ b}, 

with >, <, = interpreted as expected, and as equality modulo k. This logic extends graded 
modal logic, whose operators Ok now become #(_) > k. 

Of course, B is pointwise bounded w.r.t. N. It follows easily from estimates on solution sizes 
of integer linear equalities [24] that Presburger modal logic has the OSPPMP [6j. Moreover, 
given a conjunctive clause ip over A(V), a 7 7 (A)-valuation r, and B £ B(X), one can check 
whether B T fp by traversing X and computing the B(r(a)) by successive summation; it is 
thus easy to see that pointwise one-step model checking is PSPACE-tractable. It follows that 
Presburger modal logic is in PSPACE. While this is proved already in [6], using essentially the 
same type of algorithm^], our method extends straightforwardly to extensions of Presburger 
modal logic by certain frame conditions such as reflexivity (modelled by the copointed functor 
SX = {(B, x) G BX x X | B(x) > 0}) or e.g. the condition that at least half of all transitions 
from a given state are loops (modelled by the copointed functor SX = {(B,x) € BX x X \ 
B{x) > B(X — {x}}). In particular, this implies that graded modal logic over reflexive frames 
(i.e. the logic Tn of [11]) is in PSPACE, to our knowledge a new result. The logic Tn can be 
seen as a description logic with qualified number restrictions on a single reflexive role. Our 
arguments extend straightforwardly to show that a description logic with role hierarchies, 
reflexive roles, and qualified number restrictions has concept satisfiability over the empty T- 
box in PSPACE. As reflexivity of a role R is expressed by the role inclusion id(T) C i?, where 
id(T) denotes the identity role, this logic is a fragment of ACCHQ(id) pQ. 

The claim that a (rank-1) logic further extended by regularity constraints is still in PSPACE is retracted 
in the full version of [B] as being based on possibly erroneous third-party results. 
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6 Conclusion 



We have formulated two local semantic conditions that guarantee PSPACE upper bounds 
for the satisfiability problem of modal logics in a coalgebraic framework: the OSPMP (one- 
step polysize model property) and its pointwise variant, the OSPPMP, which is weaker but 
relies on additional assumptions on the coalgebraic semantics. Both conditions allow a direct 
construction of shallow models and their traversal in polynomial space. This complements 
earlier work [29] where syntactic criteria have been used — in particular, both the OSPMP 
and the OSPPMP can be applied even when no complete axiomatisation of the logic at hand 
is known. Several instantiations of our results to logics studied in the literature witness both 
their generality and their usefulness: Apart from re-proving known PSPACE upper bounds 
for the normal modal logics K and T as well as for the conditional logics CK, CK+ID, and 
CK+MP, we have 

• given a systematic account of tight PSPACE upper bounds in modal logics of quantitative 
uncertainty that establishes new complexity bounds in some cases; 

• obtained a new PSPACE upper bound for Elgesem's modal logic of agency and for graded 
(even Presburger [6]) modal logic over reflexive frames and more generally for an exten- 
sion of the description logic ACCTLQ with reflexive roles PQ; 

• established (to our knowledge: new) tight NP upper bounds for bounded-rank fragments 
of the conditional logics CK, CK+ID, and CK+MP. 

Ongoing work focusses on the extension of our results to iterative modal logics, defined by 
frame conditions of higher rank, which however — in particular outside the realm of Kripke 
semantics — exhibit a tendency towards higher complexity or even undecidability (indeed, it 
seems to be the case that all known iterative PSPACE-complete modal logics are normal). 
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